diff options
Diffstat (limited to 'meta-arm/meta-arm-bsp')
48 files changed, 977 insertions, 348 deletions
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf index 320e22ce89..1ba070824e 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf @@ -10,10 +10,10 @@ require conf/machine/include/arm/arch-armv8a.inc TUNE_FEATURES = "aarch64" PREFERRED_VERSION_u-boot ?= "2022.04" -PREFERRED_VERSION_linux-yocto ?= "5.15%" -PREFERRED_VERSION_linux-yocto-rt ?= "5.15%" # FVP u-boot configuration UBOOT_MACHINE = "vexpress_aemv8a_semi_defconfig" KERNEL_IMAGETYPE = "Image" + +FVP_CONFIG[bp.virtio_rng.enabled] ?= "1" diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf index 8119cb6818..06bef291f3 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-baser-aemv8r64.conf @@ -9,8 +9,6 @@ require conf/machine/include/arm/armv8r/arch-armv8r64.inc EXTRA_IMAGEDEPENDS += "boot-wrapper-aarch64" PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto" -PREFERRED_VERSION_linux-yocto ?= "5.15%" -PREFERRED_VERSION_linux-yocto-rt ?= "5.15%" PREFERRED_VERSION_u-boot ?= "2022.07" KERNEL_IMAGETYPE = "Image" diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst index 5d6493a490..7cdcd28d78 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst @@ -8,7 +8,73 @@ Change Log ########## This document contains a summary of the new features, changes and -fixes in each release of corstone1000 software stack. +fixes in each release of Corstone-1000 software stack. + +****************** +Version 2022.11.10 +****************** + +Changes +======= + +- Booting the External System (Cortex-M3) with RTX RTOS +- Adding MHU communication between the HOST (Cortex-A35) and the External System +- Adding a Linux application to test the External System +- Adding ESRT (EFI System Resource Table) support +- Upgrading the SW stack recipes +- Upgrades for the U-Boot FF-A driver and MM communication + +Corstone-1000 components versions +======================================= + ++-------------------------------------------+------------+ +| arm-ffa-tee | 1.1.1 | ++-------------------------------------------+------------+ +| arm-ffa-user | 5.0.0 | ++-------------------------------------------+------------+ +| corstone1000-external-sys-tests | 1.0 | ++-------------------------------------------+------------+ +| external-system | 0.1.0 | ++-------------------------------------------+------------+ +| linux-yocto | 5.19 | ++-------------------------------------------+------------+ +| u-boot | 2022.07 | ++-------------------------------------------+------------+ +| optee-client | 3.18.0 | ++-------------------------------------------+------------+ +| optee-os | 3.18.0 | ++-------------------------------------------+------------+ +| trusted-firmware-a | 2.7.0 | ++-------------------------------------------+------------+ +| trusted-firmware-m | 1.6.0 | ++-------------------------------------------+------------+ +| ts-newlib | 4.1.0 | ++-------------------------------------------+------------+ +| ts-psa-{crypto, iat, its. ps}-api-test | 451aa087a4 | ++-------------------------------------------+------------+ +| ts-sp-{se-proxy, smm-gateway} | 3d4956770f | ++-------------------------------------------+------------+ + +Yocto distribution components versions +======================================= + ++-------------------------------------------+---------------------+ +| meta-arm | langdale | ++-------------------------------------------+---------------------+ +| poky | langdale | ++-------------------------------------------+---------------------+ +| meta-openembedded | langdale | ++-------------------------------------------+---------------------+ +| busybox | 1.35.0 | ++-------------------------------------------+---------------------+ +| musl | 1.2.3+git37e18b7bf3 | ++-------------------------------------------+---------------------+ +| gcc-arm-none-eabi-native | 11.2-2022.02 | ++-------------------------------------------+---------------------+ +| gcc-cross-aarch64 | 12.2 | ++-------------------------------------------+---------------------+ +| openssl | 3.0.5 | ++-------------------------------------------+---------------------+ ****************** Version 2022.04.04 @@ -26,10 +92,10 @@ Version 2022.02.25 Changes ======= -- Building and running psa-arch-tests on corstone1000 FVP -- Enabled smm-gateway partition in Trusted Service on corstone1000 FVP -- Enabled MHU driver in Trusted Service on corstone1000 FVP -- Enabled OpenAMP support in SE proxy SP on corstone1000 FVP +- Building and running psa-arch-tests on Corstone-1000 FVP +- Enabled smm-gateway partition in Trusted Service on Corstone-1000 FVP +- Enabled MHU driver in Trusted Service on Corstone-1000 FVP +- Enabled OpenAMP support in SE proxy SP on Corstone-1000 FVP ****************** Version 2022.02.21 @@ -48,7 +114,7 @@ Changes ======= - psa-arch-tests: change master to main for psa-arch-tests - U-Boot: fix null pointer exception for get_image_info -- TF-M: fix capsule instability issue for corstone1000 +- TF-M: fix capsule instability issue for Corstone-1000 ****************** Version 2022.01.07 @@ -56,9 +122,9 @@ Version 2022.01.07 Changes ======= -- corstone1000: fix SystemReady-IR ACS test (SCT, FWTS) failures. +- Corstone-1000: fix SystemReady-IR ACS test (SCT, FWTS) failures. - U-Boot: send bootcomplete event to secure enclave. -- U-Boot: support populating corstone1000 image_info to ESRT table. +- U-Boot: support populating Corstone-1000 image_info to ESRT table. - U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT. ****************** @@ -67,7 +133,7 @@ Version 2021.12.15 Changes ======= -- Enabling corstone1000 FPGA support on: +- Enabling Corstone-1000 FPGA support on: - Linux 5.10 - OP-TEE 3.14 - Trusted Firmware-A 2.5 @@ -83,7 +149,7 @@ Version 2021.10.29 Changes ======= -- Enabling corstone1000 FVP support on: +- Enabling Corstone-1000 FVP support on: - Linux 5.10 - OP-TEE 3.14 - Trusted Firmware-A 2.5 @@ -95,4 +161,4 @@ Changes -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2022, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst index 385331bd23..f657c26bc2 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst @@ -8,22 +8,44 @@ Release notes ############# ************************** +Release notes - 2022.11.10 +************************** + +Known Issues or Limitations +--------------------------- + - The external-system can not be reset individually on (or using) AN550_v1 FPGA release. However, the system-wide reset still applies to the external-system. + - FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot. + - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang). + - Below SCT FAILURE is a known issues in the FVP: + UEFI Compliant - Boot from network protocols must be implemented -- FAILURE + - Known limitations regarding ACS tests: The behavior after running ACS tests on FVP is not consistent. Both behaviors are expected and are valid; + The system might boot till the Linux prompt. Or, the system might wait after finishing the ACS tests. + In both cases, the system executes the entire test suite and writes the results as stated in the user guide. + +Platform Support +----------------- + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + https://developer.arm.com/downloads/-/download-fpga-images + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21 + https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps + +************************** Release notes - 2022.04.04 ************************** Known Issues or Limitations --------------------------- - - FGPA support Linux distro install and boot through installer. However, + - FPGA support Linux distro install and boot through installer. However, FVP only support openSUSE raw image installation and boot. - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide - cannot boot on corstone1000 (i.e. user may experience timeouts or boot hang). + cannot boot on Corstone-1000 (i.e. user may experience timeouts or boot hang). - Below SCT FAILURE is a known issues in the FVP: UEFI Compliant - Boot from network protocols must be implemented -- FAILURE Platform Support ----------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps ************************** @@ -32,13 +54,13 @@ Release notes - 2022.02.25 Known Issues or Limitations --------------------------- - - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS, BSA), manual capsule update test, Linux distro install and boot. Platform Support ---------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Release notes - 2022.02.21 @@ -46,13 +68,13 @@ Release notes - 2022.02.21 Known Issues or Limitations --------------------------- - - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS, BSA), manual capsule update test, Linux distro install and boot, psa-arch-test. Platform Support ---------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Release notes - 2022.01.18 @@ -85,13 +107,13 @@ The following components are present in the release: Platform Support ---------------- - - This software release is tested on corstone1000 FPGA version AN550_v1 - - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + - This software release is tested on Corstone-1000 FPGA version AN550_v1 + - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Known Issues or Limitations --------------------------- - - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS, + - The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS, BSA), manual capsule update test, Linux distro install and boot, and psa-arch-tests. - Only the manual capsule update from UEFI shell is supported on FPGA. @@ -107,7 +129,7 @@ Release notes - 2021.10.29 Software Features ----------------- -This initial release of corstone1000 supports booting Linux on the Cortex-A35 +This initial release of Corstone-1000 supports booting Linux on the Cortex-A35 and TF-M/MCUBOOT in the Secure Enclave. The following components are present in the release: @@ -119,7 +141,7 @@ the release: Platform Support ---------------- - - This Software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21 + - This Software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21 https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps Known Issues or Limitations @@ -134,4 +156,4 @@ For support email: support-subsystem-iot@arm.com -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2022, Arm Limited. All rights reserved.* diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst index d5930fc8e5..a6350bb8b0 100644 --- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst +++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst @@ -9,9 +9,9 @@ User Guide Notice ------ -The corstone1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build -a tiny Linux distribution suitable for the corstone1000 platform. The Yocto Project relies on the -`Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__ +The Corstone-1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build +a tiny Linux distribution suitable for the Corstone-1000 platform (kernel and initramfs filesystem less than 5 MB on the flash). +The Yocto Project relies on the `Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__ tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__ for more information. @@ -35,12 +35,12 @@ The following prerequisites must be available on the host system. To resolve the Provided components ------------------- -Within the Yocto Project, each component included in the corstone1000 software stack is specified as -a `bitbake recipe <https://www.yoctoproject.org/docs/1.6/bitbake-user-manual/bitbake-user-manual.html#recipes>`__. -The recipes specific to the corstone1000 BSP are located at: +Within the Yocto Project, each component included in the Corstone-1000 software stack is specified as +a `bitbake recipe <https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual/bitbake-user-manual-intro.html#recipes>`__. +The recipes specific to the Corstone-1000 BSP are located at: ``<_workspace>/meta-arm/meta-arm-bsp/``. -The Yocto machine config files for the corstone1000 FVP and FPGA are: +The Yocto machine config files for the Corstone-1000 FVP and FPGA targets are: - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc`` - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf`` @@ -86,7 +86,7 @@ The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-T distribution which is a Linux distribution stripped down to a minimal configuration. The provided distribution is based on busybox and built using muslibc. The -recipe responsible for building a tiny version of linux is listed below. +recipe responsible for building a tiny version of Linux is listed below. +-----------+----------------------------------------------------------------------------------------------+ | bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend | @@ -96,6 +96,16 @@ recipe responsible for building a tiny version of linux is listed below. | defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig | +-----------+----------------------------------------------------------------------------------------------+ +External System Tests +======================= +Based on `Corstone-1000/applications <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications>`__ + ++------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb | ++------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +The recipe provides the systems-comms-tests command run in Linux and used for testing the External System. + ************************************************** Software for Boot Processor (a.k.a Secure Enclave) ************************************************** @@ -107,6 +117,18 @@ Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmw | Recipe | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb | +----------+-------------------------------------------------------------------------------------------------+ +************************************************** +Software for the External System +************************************************** + +RTX +==== +Based on `RTX RTOS <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx>`__ + ++----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Recipe | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb | ++----------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ + Building the software stack --------------------------- Create a new folder that will be your workspace and will henceforth be referred @@ -117,7 +139,7 @@ to as ``<_workspace>`` in these instructions. To create the folder, run: mkdir <_workspace> cd <_workspace> -corstone1000 is a Bitbake based Yocto Project which uses kas and bitbake +Corstone-1000 software is based on the Yocto Project which uses kas and bitbake commands to build the stack. To install kas tool, run: :: @@ -128,15 +150,15 @@ In the top directory of the workspace ``<_workspace>``, run: :: - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.04.07 + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.10 -To build corstone1000 image for MPS3 FPGA, run: +To build a Corstone-1000 image for MPS3 FPGA, run: :: kas build meta-arm/kas/corstone1000-mps3.yml -Alternatively, to build corstone1000 image for FVP, run: +Alternatively, to build a Corstone-1000 image for FVP, run: :: @@ -150,22 +172,19 @@ Once the build is successful, all output binaries will be placed in the followin - ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build; - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build. -Everything apart from the ROM firmware is bundled into a single binary, the -``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. The ROM firmware is the -``bl1.bin`` file. - -The output binaries used by FVP are the following: - - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/bl1.bin`` - - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt`` +Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the +``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. -The output binaries used by FPGA are the following: - - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin`` - - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt`` +The output binaries run in the Corstone-1000 platform are the following: + - The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin`` + - The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin`` + - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` Flash the firmware image on FPGA -------------------------------- -The user should download the FPGA bit file image from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ +The user should download the FPGA bit file image ``AN550: Arm® Corstone™-1000 for MPS3 Version 1`` +from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__ and under the section ``Arm® Corstone™-1000 for MPS3``. The directory structure of the FPGA bundle is shown below. @@ -214,24 +233,32 @@ Here is an example ;************************************************ [IMAGES] - TOTALIMAGES: 2 ;Number of Images (Max: 32) - + TOTALIMAGES: 3 ;Number of Images (Max: 32) + IMAGE0PORT: 1 IMAGE0ADDRESS: 0x00_0000_0000 IMAGE0UPDATE: RAM IMAGE0FILE: \SOFTWARE\bl1.bin - + IMAGE1PORT: 0 - IMAGE1ADDRESS: 0x00_00010_0000 + IMAGE1ADDRESS: 0x00_0010_0000 IMAGE1UPDATE: AUTOQSPI IMAGE1FILE: \SOFTWARE\cs1000.bin + + IMAGE2PORT: 2 + IMAGE2ADDRESS: 0x00_0000_0000 + IMAGE2UPDATE: RAM + IMAGE2FILE: \SOFTWARE\es0.bin OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3`` 1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle. -2. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE - directory of the FPGA bundle and rename the wic image to ``cs1000.bin``. +2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle + and rename the binary to ``es0.bin``. +3. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE + directory of the FPGA bundle and rename the wic.nopt image to ``cs1000.bin``. + **NOTE:** Renaming of the images are required because MCC firmware has limitation of 8 characters before .(dot) and 3 characters after .(dot). @@ -240,41 +267,54 @@ Now, copy the entire folder to board's SDCard and reboot the board. Running the software on FPGA ---------------------------- -On the host machine, open 3 minicom sessions. In case of Linux machine it will -be ttyUSB0, ttyUSB1, ttyUSB2 and it might be different on Window machine. +On the host machine, open 4 serial port terminals. In case of Linux machine it will +be ttyUSB0, ttyUSB1, ttyUSB2, ttyUSB3 and it might be different on Windows machines. - ttyUSB0 for MCC, OP-TEE and Secure Partition - ttyUSB1 for Boot Processor (Cortex-M0+) - ttyUSB2 for Host Processor (Cortex-A35) + - ttyUSB3 for External System Processor (Cortex-M3) -Run following commands to open minicom sessions on Linux: +Run following commands to open serial port terminals on Linux: :: sudo picocom -b 115200 /dev/ttyUSB0 # in one terminal sudo picocom -b 115200 /dev/ttyUSB1 # in another terminal sudo picocom -b 115200 /dev/ttyUSB2 # in another terminal. + sudo picocom -b 115200 /dev/ttyUSB3 # in another terminal. Once the system boot is completed, you should see console -logs on the minicom sessions. Once the HOST(Cortex-A35) is +logs on the serial port terminals. Once the HOST(Cortex-A35) is booted completely, user can login to the shell using **"root"** login. Running the software on FVP --------------------------- -An FVP (Fixed Virtual Platform) of the corstone1000 platform must be available to execute the -included run script. -The Fixed Virtual Platform (FVP) version 11.17_23 can be downloaded from the -`Arm Ecosystem FVPs`_ page. On this page, navigate to "Corstone IoT FVPs" -section to download the Corstone1000 platform FVP installer. Follow the +An FVP (Fixed Virtual Platform) model of the Corstone-1000 platform must be available to run the +Corstone-1000 FVP software image. + +A Yocto recipe is provided and allows to download the latest supported FVP version. + +The recipe is located at <_workspace>/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb + +The latest supported Fixed Virtual Platform (FVP) version is 11.19_21 and is automatically downloaded +and installed when using the runfvp command as detailed below. + +The FVP can also be manually downloaded from the `Arm Ecosystem FVPs`_ page. On this page, navigate +to "Corstone IoT FVPs" section to download the Corstone-1000 platform FVP installer. Follow the instructions of the installer and setup the FVP. +To run the FVP using the runfvp command, please run the following command: + +:: + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf When the script is executed, three terminal instances will be launched, one for the boot processor (aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is -executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic +executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic.nopt file are copied to their respective memory locations within the model, enforce firewall policies on memories and peripherals and then, bring the host out of reset. @@ -282,13 +322,20 @@ The host will boot trusted-firmware-a, OP-TEE, U-Boot and then Linux, and presen (FVP host_terminal_0): :: + corstone1000-fvp login: Login using the username root. -Running test applications +The External System can be released out of reset on demand using the systems-comms-tests command. + +SystemReady-IR tests ------------------------- +********************* +Testing steps +********************* + **NOTE**: Running the SystemReady-IR tests described below requires the user to work with USB sticks. In our testing, not all USB stick models work well with MPS3 FPGA. Here are the USB sticks models that are stable in our test @@ -305,7 +352,8 @@ erase the SecureEnclave flash cleanly and prepare a clean board environment for the testing. Clean Secure Flash Before Testing (applicable to FPGA only) ------------------------------------------------------------ +================================================================== + To prepare a clean board environment with clean secure flash for the testing, the user should prepare an image that erases the secure flash cleanly during boot. Run following commands to build such image. @@ -313,7 +361,7 @@ boot. Run following commands to build such image. :: cd <_workspace> - git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.02.18 + git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.11.10 git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm cd meta-arm @@ -325,7 +373,7 @@ Replace the bl1.bin and cs1000.bin files on the SD card with following files: - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt -Now reboot the board. This step erases the Corstone1000 SecureEnclave flash +Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash completely, the user should expect following message from TF-M log: :: @@ -338,7 +386,7 @@ Then the user should follow "Building the software stack" to build a clean software stack and flash the FPGA as normal. And continue the testing. Run SystemReady-IR ACS tests ------------------------------ +============================= ACS image contains two partitions. BOOT partition and RESULTS partition. Following packages are under BOOT partition @@ -355,10 +403,10 @@ PLEASE MAKE SURE THAT THE RESULTS PARTITION IS EMPTY BEFORE YOU START THE TESTIN WILL NOT BE CONSISTENT FPGA instructions for ACS image -------------------------------- +================================ This section describes how the user can build and run Architecture Compliance -Suite (ACS) tests on Corstone1000. +Suite (ACS) tests on Corstone-1000. First, the user should download the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`__. This repository contains the infrastructure to build the Architecture @@ -374,8 +422,8 @@ Once the repository is successfully downloaded, the prebuilt ACS live image can - ``<_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA/ir_acs_live_image.img.xz`` **NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide -USB driver support for Corstone1000. The ACS image with newer kernel version -and with full USB support for Corstone1000 will be available in the next +USB driver support for Corstone-1000. The ACS image with newer kernel version +and with full USB support for Corstone-1000 will be available in the next SystemReady release in this repository. Then, the user should prepare a USB stick with ACS image. In the given example here, @@ -385,7 +433,7 @@ USB drive. Run the following commands to prepare the ACS image in USB stick: :: - cd <_workspace>/arm-systemready/IR/scripts/output/ + cd <_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA unxz ir_acs_live_image.img.xz sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync @@ -394,19 +442,21 @@ ensure that only the USB stick with the ACS image is connected to the board, and then boot the board. FVP instructions for ACS image and run ---------------------------------------- +============================================ -Download acs image from: +Download ACS image from: - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7`` -Use the below command to run the FVP with acs image support in the +Use the below command to run the FVP with ACS image support in the SD card. :: unxz ${<path-to-img>/ir_acs_live_image.img.xz} -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" + tmux + + <_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf – -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" The test results can be fetched using following commands: @@ -416,8 +466,8 @@ The test results can be fetched using following commands: sudo mount -o rw,offset=<offset_2nd_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/ fdisk -lu <path-to-img>/ir_acs_live_image.img -> Device Start End Sectors Size Type - /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data - /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data + <path-to-img>/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data + <path-to-img>/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data -> <offset_2nd_partition> = 1050624 * 512 (sector size) = 537919488 @@ -427,7 +477,7 @@ Once test is finished, the FVP can be stoped, and result can be copied following instructions. Common to FVP and FPGA ------------------------ +=========================== U-Boot should be able to boot the grub bootloader from the 1st partition and if grub is not interrupted, tests are executed @@ -440,81 +490,226 @@ automatically in the following sequence: The results can be fetched from the ``acs_results`` partition of the USB stick (FPGA) / SD Card (FVP). -Manual capsule update test --------------------------- +##################################################### + +Manual capsule update and ESRT checks +--------------------------------------------------------------------- -The following steps describe running manual capsule update with the ``direct`` -method. +The following section describes running manual capsule update with the ``direct`` method. -Check the "Run SystemReady-IR ACS tests" section above to download and unpack the acs image file +The steps described in this section perform manual capsule update and show how to use the ESRT feature +to retrieve the installed capsule details. + +For the following tests two capsules are needed to perform 2 capsule updates. A positive update and a negative update. + +A positive test case capsule which boots the platform correctly until the Linux prompt, and a negative test case with an +incorrect capsule (corrupted or outdated) which fails to boot to the host software. + +Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file - ``ir_acs_live_image.img.xz`` -Download edk2 and generate capsule file: +Download edk2 under <_workspace> : :: git clone https://github.com/tianocore/edk2.git - edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ - cs1k_cap --fw-version 1 --lsv 0 --guid \ - e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ - 0 --verbose <binary_file> -The <binary_file> here should be a corstone1000-image-corstone1000-fvp.wic.nopt image for FVP and -corstone1000-image-corstone1000-mps3.wic.nopt for FPGA. And this input binary file -(capsule) should be less than 15 MB. +********************* +Generating Capsules +********************* + +The capsule binary size (wic.nopt file) should be less than 15 MB. Based on the user's requirement, the user can change the firmware version number given to ``--fw-version`` option (the version number needs to be >= 1). -Capsule Copy instructions for FPGA ------------------------------------ +Generating FPGA Capsules +======================== + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_mps3_v5 --fw-version 5 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_mps3_v6 --fw-version 6 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt + +Generating FVP Capsules +======================== + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_fvp_v6 --fw-version 6 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + +:: + + <_workspace>/edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \ + cs1k_cap_fvp_v5 --fw-version 5 --lsv 0 --guid \ + e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \ + 0 --verbose <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt + +********************* +Copying Capsules +********************* + +Copying the FPGA capsules +========================= The user should prepare a USB stick as explained in ACS image section (see above). -Place the generated ``cs1k_cap`` file in the root directory of the boot partition +Place the generated ``cs1k_cap`` files in the root directory of the boot partition in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file should not be under the EFI/UpdateCapsule directory as this may or may not trigger the on disk method. -Capsule Copy instructions for FVP ---------------------------------- +:: + + sudo cp cs1k_cap_mps3_v6 <mounting path>/BOOT/ + sudo cp cs1k_cap_mps3_v5 <mounting path>/BOOT/ + sync + +Copying the FVP capsules +======================== -Run below commands to copy capsule into the -image file and run FVP software. +First, mount the IR image: :: - sudo mkdir /mnt/test - sudo mount -o rw,offset=<offset_1st_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/ - sudo cp cs1k_cap /mnt/test/ - sudo umount /mnt/test - exit + sudo mkdir /mnt/test + sudo mount -o rw,offset=1048576 <path-to-img>/ir_acs_live_image.img /mnt/test + +Then, copy the capsules: + +:: + + sudo cp cs1k_cap_fvp_v6 /mnt/test/ + sudo cp cs1k_cap_fvp_v5 /mnt/test/ + sync + +Then, unmount the IR image: -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" +:: + + sudo umount /mnt/test + +**NOTE:** Size of first partition in the image file is calculated in the following way. The data is just an example and might vary with different ir_acs_live_image.img files. :: - fdisk -lu <path-to-img>/ir_acs_live_image.img - -> Device Start End Sectors Size Type - /home/emeara01/Downloads/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data - /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data + fdisk -lu <path-to-img>/ir_acs_live_image.img + -> Device Start End Sectors Size Type + <path-to-img>/ir_acs_live_image_modified.img1 2048 1050622 1048575 512M Microsoft basic data + <path-to-img>/ir_acs_live_image_modified.img2 1050624 1153022 102399 50M Microsoft basic data - -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576 + -> <offset_1st_partition> = 2048 * 512 (sector size) = 1048576 -Common to FVP and FPGA ------------------------ -Reach u-boot then interrupt shell to reach EFI shell. Use below command at EFI shell. +****************************** +Performing the capsule update +****************************** + +During this section we will be using the capsule with the higher version (cs1k_cap_<fvp/mps3>_v6) for the positive scenario +and the capsule with the lower version (cs1k_cap_<fvp/mps3>_v5) for the negative scenario. + +Running the FVP with the IR prebuilt image +============================================== + +Run the FVP with the IR prebuilt image: + +:: + + <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" + +Running the FPGA with the IR prebuilt image +============================================== + +Insert the prepared USB stick then Power cycle the MPS3 board. + +Executing capsule update for FVP and FPGA +============================================== + +Reach u-boot then interrupt the boot to reach the EFI shell. + +:: + + Press ESC in 4 seconds to skip startup.nsh or any other key to continue. + +Then, type FS0: as shown below: :: FS0: - EFI/BOOT/app/CapsuleApp.efi cs1k_cap -For this test, the user can provide two capsules for testing: a positive test -case capsule which boots the board correctly, and a negative test case with an -incorrect capsule which fails to boot the host software. +In case of the positive scenario run the update with the higher version capsule as shown below: + +:: + + EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v6 + +After successfully updating the capsule the system will reset. + +In case of the negative scenario run the update with the lower version capsule as shown below: + +:: + + EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v5 + +The command above should fail and in the TF-M logs the following message should appear: + +:: + + ERROR: flash_full_capsule: version error + +Then, reboot manually: + +:: + + Shell> reset + +FPGA: Select Corstone-1000 Linux kernel boot +============================================== + +Remove the USB stick before u-boot is reached so the Corstone-1000 kernel will be detected and used for booting. + +**NOTE:** Otherwise, the execution ends up in the ACS live image. + +FVP: Select Corstone-1000 Linux kernel boot +============================================== + +Interrupt the u-boot shell. + +:: + + Hit any key to stop autoboot: + +Run the following commands in order to run the Corstone-1000 Linux kernel and being able to check the ESRT table. + +**NOTE:** Otherwise, the execution ends up in the ACS live image. + +:: + + $ run retrieve_kernel_load_addr + $ unzip $kernel_addr 0x90000000 + $ loadm 0x90000000 $kernel_addr_r 0xf00000 + $ bootefi $kernel_addr_r $fdtcontroladdr + + +*********************** +Capsule update status +*********************** + +Positive scenario +================= In the positive case scenario, the user should see following log in TF-M log, indicating the new capsule image is successfully applied, and the board boots @@ -532,6 +727,36 @@ correctly. ... +It's possible to check the content of the ESRT table after the system fully boots. + +In the Linux command-line run the following: + +:: + + # cd /sys/firmware/efi/esrt/entries/entry0 + # cat * + + 0x0 + e2bb9c06-70e9-4b14-97a3-5a7913176e3f + 0 + 6 + 0 + 6 + 0 + +.. line-block:: + capsule_flags: 0x0 + fw_class: e2bb9c06-70e9-4b14-97a3-5a7913176e3f + fw_type: 0 + fw_version: 6 + last_attempt_status: 0 + last_attempt_version: 6 + lowest_supported_fw_ver: 0 + + +Negative scenario +================= + In the negative case scenario, the user should see appropriate logs in the secure enclave terminal. If capsule pass initial verification, but fails verifications performed during boot time, secure enclave will try new images @@ -545,16 +770,45 @@ the previous good bank. fwu_select_previous: in regular state by choosing previous active bank ... -******************************************************* -Linux distro install and boot (applicable to FPGA only) -******************************************************* +It's possible to check the content of the ESRT table after the system fully boots. + +In the Linux command-line run the following: + +:: + + # cd /sys/firmware/efi/esrt/entries/entry0 + # cat * + + 0x0 + e2bb9c06-70e9-4b14-97a3-5a7913176e3f + 0 + 6 + 1 + 5 + 0 + +.. line-block:: + capsule_flags: 0x0 + fw_class: e2bb9c06-70e9-4b14-97a3-5a7913176e3f + fw_type: 0 + fw_version: 6 + last_attempt_status: 1 + last_attempt_version: 5 + lowest_supported_fw_ver: 0 + +Linux distros tests +---------------------------------- + +*************************************************************************************** +Debian/OpenSUSE install and boot (applicable to FPGA only) +*************************************************************************************** To test Linux distro install and boot, the user should prepare two empty USB sticks. Download one of following Linux distro images: - Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/ - OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/ - - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot20211125-Media.iso + - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive. @@ -578,7 +832,7 @@ Press <Ctrl+x>. Now plug in the second USB stick, the distro installation process will start. -**NOTE:** Due to the performance limitation of Corstone1000 MPS3 FPGA, the +**NOTE:** Due to the performance limitation of Corstone-1000 MPS3 FPGA, the distro installation process can take up to 24 hours to complete. Once installation is complete, unplug the first USB stick and reboot the board. @@ -591,46 +845,98 @@ a login prompt: Login with the username root. -Run psa-arch-test (applicable to both FPGA and FVP) ---------------------------------------------------- +**NOTE:** The Debian installer has a known issue "Install the GRUB bootloader - unable to install " and these are the steps to +follow on the subsequent popups to solve the issue during the installation: -When running psa-arch-test on MPS3 FPGA, the user should make sure there is no -USB stick connected to the board. Power on the board and boot the board to -Linux. Then, the user should follow the steps below to run the psa_arch_tests. +1. Select "Continue", then "Continue" again on the next popup +2. Scroll down and select "Execute a shell" +3. Select "Continue" +4. Enter the following command: -When running psa-arch-test on Corstone1000 FVP, the user should follow the -instructions in `Running the software on FVP`_ section to boot Linux in FVP -host_terminal_0, and login using the username ``root``. +:: -As a reference for the user's test results, the psa-arch-test report for `Corstone1000 software (CORSTONE1000-2022.02.18) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.02.18>`__ -can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. + in-target grub-install --no-nvram --force-extra-removable -First, create a file containing SE_PROXY_SP UUID. Run: +5. Enter the following command: :: - echo 46bb39d1-b4d9-45b5-88ff-040027dab249 > sp_uuid_list.txt + in-target update-grub -Then, load FFA driver module into Linux kernel. Run: +6. Enter the following command: :: - load_ffa_debugfs.sh . + exit + +7. Select "Continue without boot loader", then select "Continue" on the next popup +8. At this stage, the installation should proceed as normal. -Then, check whether the FFA driver loaded correctly by using the following command: +*************************************************************************************** +OpenSUSE Raw image install and boot (applicable to FVP only) +*************************************************************************************** + +Steps to download openSUSE Tumbleweed raw image: + - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ + - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz`` + +Once the .raw.xz file is downloaded, the raw image file needs to be extracted: :: - cat /proc/modules | grep arm_ffa_user + unxz <file-name.raw.xz> + + +The above command will generate a file ending with extension .raw image. Now, use the following command +to run FVP with raw image installation process. + +:: + +<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" + +After successfully installing and booting the Linux distro, the user should see +a openSUSE login prompt. + +:: + + localhost login: + +Login with the username 'root' and password 'linux'. + +PSA API tests +---------------------- + +*************************************************************************************** +Run PSA API test commands (applicable to both FPGA and FVP) +*************************************************************************************** + +When running PSA API test commands (aka PSA Arch Tests) on MPS3 FPGA, the user should make sure there is no +USB stick connected to the board. Power on the board and boot the board to +Linux. Then, the user should follow the steps below to run the tests. + +When running the tests on the Corstone-1000 FVP, the user should follow the +instructions in `Running the software on FVP`_ section to boot Linux in FVP +host_terminal_0, and login using the username ``root``. + +First, load FF-A TEE kernel module: + +:: + + insmod /lib/modules/5.19.9-yocto-standard/extra/arm-ffa-tee.ko + +Then, check whether the FF-A TEE driver is loaded correctly by using the following command: + +:: + + cat /proc/modules | grep arm_ffa_tee The output should be: :: - arm_ffa_user 16384 - - Live 0xffffffc0084b0000 (O) + arm_ffa_tee 16384 - - Live 0xffffffc0004f0000 (O) -Now, run the PSA arch tests with following commands. The user should run the -tests in following order: +Now, run the PSA API tests in the following order: :: @@ -639,47 +945,108 @@ tests in following order: psa-its-api-test psa-ps-api-test -******************************************************** -Linux distro: OpenSUSE Raw image installation (FVP Only) -******************************************************** +External System tests +----------------------------------- -Steps to download openSUSE Tumbleweed raw image: - - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/ - - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-2022.03.18-Snapshot20220331.raw.xz`` +*************************************************************************************** +Running the External System test command (systems-comms-tests) +*************************************************************************************** -Once the .raw.xz file is downloaded, the raw image file needs to be extracted: +Test 1: Releasing the External System out of reset +=================================================== + +Run this command in the Linux command-line: :: - unxz <file-name.raw.xz> + systems-comms-tests 1 +The output on the External System terminal should be: -The above command will generate a file ending with extension .raw image. Now, use the following command -to run FVP with raw image installation process. +:: + + ___ ___ + | / __| + |=== \___ + |___ |___/ + External System Cortex-M3 Processor + Running RTX RTOS + v0.1.0_2022-10-19_16-41-32-8c9dca7 + MHUv2 module 'MHU0_H' started + MHUv2 module 'MHU1_H' started + MHUv2 module 'MHU0_SE' started + MHUv2 module 'MHU1_SE' started + +Test 2: Communication +============================================= + +Test 2 releases the External System out of reset if not already done. Then, it performs communication between host and External System. + +After running Test 1, run this command in the Linux command-line: :: -<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" + systems-comms-tests 2 -After successfully installing and booting the Linux distro, the user should see -a openSUSE login prompt. +Additional output on the External System terminal will be printed: :: - localhost login: + MHUv2: Message from 'MHU0_H': 0xabcdef1 + Received 'abcdef1' From Host MHU0 + CMD: Increment and return to sender... + MHUv2: Message from 'MHU1_H': 0xabcdef1 + Received 'abcdef1' From Host MHU1 + CMD: Increment and return to sender... -Login with the username 'root' and password 'linux'. +When running Test 2 the first, Test 1 will be run in the background. + +The output on the External System terminal should be: + +:: + + ___ ___ + | / __| + |=== \___ + |___ |___/ + External System Cortex-M3 Processor + Running RTX RTOS + v0.1.0_2022-10-19_16-41-32-8c9dca7 + MHUv2 module 'MHU0_H' started + MHUv2 module 'MHU1_H' started + MHUv2 module 'MHU0_SE' started + MHUv2 module 'MHU1_SE' started + MHUv2: Message from 'MHU0_H': 0xabcdef1 + Received 'abcdef1' From Host MHU0 + CMD: Increment and return to sender... + MHUv2: Message from 'MHU1_H': 0xabcdef1 + Received 'abcdef1' From Host MHU1 + CMD: Increment and return to sender... + +The output on the Host terminal should be: + +:: + + Received abcdf00 from es0mhu0 + Received abcdf00 from es0mhu1 + + +Tests results +----------------------------------- + +As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2022.11.10) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.11.10>`__ +can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__. -************************************** Running the software on FVP on Windows -************************************** -If the user needs to run the Corstone1000 software on FVP on Windows. The user +--------------------------------------------------------------- + +If the user needs to run the Corstone-1000 software on FVP on Windows. The user should follow the build instructions in this document to build on Linux host PC, and copy the output binaries to the Windows PC where the FVP is located, and launch the FVP binary. -------------- -*Copyright (c) 2021, Arm Limited. All rights reserved.* +*Copyright (c) 2022, Arm Limited. All rights reserved.* .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch index 7094c8bc8f..a9a839ea8d 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch @@ -1,7 +1,7 @@ -From c8bd941579fb062359b683b184b851eea2ddb761 Mon Sep 17 00:00:00 2001 +From f526797b83113cc64e3e658c22d8a5d269896a2a Mon Sep 17 00:00:00 2001 From: Ben Horgan <ben.horgan@arm.com> Date: Fri, 4 Mar 2022 16:48:14 +0000 -Subject: [PATCH 1/5] feat: emulate cntp timer register accesses using cnthps +Subject: [PATCH] feat: emulate cntp timer register accesses using cnthps Upstream-Status: Inappropriate [Experimental feature] Signed-off-by: Ben Horgan <ben.horgan@arm.com> @@ -19,10 +19,10 @@ Change-Id: I67508203273baf3bd8e6be2d99717028db945715 create mode 100644 src/arch/aarch64/hypervisor/timer_el1.h diff --git a/Makefile b/Makefile -index c9fb16f..6371a8a 100644 +index 95cab9a5..21cca938 100644 --- a/Makefile +++ b/Makefile -@@ -59,7 +59,8 @@ CHECKPATCH := $(CURDIR)/third_party/linux/scripts/checkpatch.pl \ +@@ -60,7 +60,8 @@ CHECKPATCH := $(CURDIR)/third_party/linux/scripts/checkpatch.pl \ # debug_el1.c : uses XMACROS, which checkpatch doesn't understand. # perfmon.c : uses XMACROS, which checkpatch doesn't understand. # feature_id.c : uses XMACROS, which checkpatch doesn't understand. @@ -33,7 +33,7 @@ index c9fb16f..6371a8a 100644 OUT ?= out/$(PROJECT) OUT_DIR = out/$(PROJECT) diff --git a/src/arch/aarch64/hypervisor/BUILD.gn b/src/arch/aarch64/hypervisor/BUILD.gn -index 6068d1e..de1a414 100644 +index 6068d1e8..de1a414d 100644 --- a/src/arch/aarch64/hypervisor/BUILD.gn +++ b/src/arch/aarch64/hypervisor/BUILD.gn @@ -45,6 +45,7 @@ source_set("hypervisor") { @@ -45,10 +45,10 @@ index 6068d1e..de1a414 100644 ] diff --git a/src/arch/aarch64/hypervisor/cpu.c b/src/arch/aarch64/hypervisor/cpu.c -index c6cebdd..cb41e6e 100644 +index bcf5ffce..d2df77d8 100644 --- a/src/arch/aarch64/hypervisor/cpu.c +++ b/src/arch/aarch64/hypervisor/cpu.c -@@ -91,13 +91,20 @@ void arch_regs_reset(struct vcpu *vcpu) +@@ -98,13 +98,20 @@ void arch_regs_reset(struct vcpu *vcpu) if (is_primary) { /* * cnthctl_el2 is redefined when VHE is enabled. @@ -72,7 +72,7 @@ index c6cebdd..cb41e6e 100644 } diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c -index cd64d68..c9068c5 100644 +index 4bd8a3b4..4c1b6e48 100644 --- a/src/arch/aarch64/hypervisor/handler.c +++ b/src/arch/aarch64/hypervisor/handler.c @@ -34,6 +34,7 @@ @@ -83,7 +83,7 @@ index cd64d68..c9068c5 100644 /** * Hypervisor Fault Address Register Non-Secure. -@@ -1276,6 +1277,11 @@ void handle_system_register_access(uintreg_t esr_el2) +@@ -1277,6 +1278,11 @@ void handle_system_register_access(uintreg_t esr_el2) inject_el1_unknown_exception(vcpu, esr_el2); return; } @@ -97,7 +97,7 @@ index cd64d68..c9068c5 100644 return; diff --git a/src/arch/aarch64/hypervisor/timer_el1.c b/src/arch/aarch64/hypervisor/timer_el1.c new file mode 100644 -index 0000000..c30e554 +index 00000000..c30e5543 --- /dev/null +++ b/src/arch/aarch64/hypervisor/timer_el1.c @@ -0,0 +1,104 @@ @@ -207,7 +207,7 @@ index 0000000..c30e554 +} diff --git a/src/arch/aarch64/hypervisor/timer_el1.h b/src/arch/aarch64/hypervisor/timer_el1.h new file mode 100644 -index 0000000..04a43b6 +index 00000000..04a43b6c --- /dev/null +++ b/src/arch/aarch64/hypervisor/timer_el1.h @@ -0,0 +1,20 @@ @@ -232,7 +232,7 @@ index 0000000..04a43b6 +bool timer_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id, + uintreg_t esr); diff --git a/src/arch/aarch64/msr.h b/src/arch/aarch64/msr.h -index cd6778b..55e7833 100644 +index cd6778b4..55e78330 100644 --- a/src/arch/aarch64/msr.h +++ b/src/arch/aarch64/msr.h @@ -126,3 +126,11 @@ @@ -247,6 +247,4 @@ index cd6778b..55e7833 100644 +#define MSR_CNTHPS_CTL_EL2 S3_4_C14_C5_1 +#define MSR_CNTHPS_CVAL_EL2 S3_4_C14_C5_2 +#define MSR_CNTHPS_TVAL_EL2 S3_4_C14_C5_0 --- -2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-tc-increase-heap-pages.patch index dfec5d8394..fa35efc112 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-tc-increase-heap-pages.patch @@ -1,4 +1,4 @@ -From e918cc5179241e1d35ba4b465b035b74b88e55d2 Mon Sep 17 00:00:00 2001 +From 613dea068fa546956717ce0b60328e39d451f661 Mon Sep 17 00:00:00 2001 From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> Date: Fri, 29 Apr 2022 20:07:50 +0100 Subject: [PATCH] tc: increase heap pages @@ -6,14 +6,14 @@ Subject: [PATCH] tc: increase heap pages Upstream-Status: Pending Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> --- - /BUILD.gn | 2 +- + BUILD.gn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a//BUILD.gn b//BUILD.gn -index 5d84d13..4ea0890 100644 ---- a//BUILD.gn -+++ b//BUILD.gn -@@ -233,7 +233,7 @@ aarch64_toolchains("secure_tc") { +diff --git a/BUILD.gn b/BUILD.gn +index 6b9b383..62ba763 100644 +--- a/BUILD.gn ++++ b/BUILD.gn +@@ -235,7 +235,7 @@ aarch64_toolchains("secure_tc") { gicd_base_address = "0x30000000" gicr_base_address = "0x30080000" gicr_frames = 8 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch index 95f1651a84..d9ec6e2a99 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch @@ -1,7 +1,7 @@ -From 380f2cf944dd5db36c168a11d31a46ad14cdcb6d Mon Sep 17 00:00:00 2001 +From 97a8ca1835f5d9512dacda497540d5523e56c7dd Mon Sep 17 00:00:00 2001 From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> Date: Tue, 26 Apr 2022 14:43:58 +0100 -Subject: [PATCH 4/5] feat: emulate interrupt controller register access +Subject: [PATCH] feat: emulate interrupt controller register access This emulates ICC_SGI1R_EL1 and ICC_IGRPEN1_EL1 register @@ -16,10 +16,10 @@ Upstream-Status: Inappropriate [Experimental feature] 4 files changed, 97 insertions(+) diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c -index c9068c5..b9aa5d8 100644 +index 4c1b6e48..cd5146bd 100644 --- a/src/arch/aarch64/hypervisor/handler.c +++ b/src/arch/aarch64/hypervisor/handler.c -@@ -1282,6 +1282,11 @@ void handle_system_register_access(uintreg_t esr_el2) +@@ -1283,6 +1283,11 @@ void handle_system_register_access(uintreg_t esr_el2) inject_el1_unknown_exception(vcpu, esr_el2); return; } @@ -32,7 +32,7 @@ index c9068c5..b9aa5d8 100644 inject_el1_unknown_exception(vcpu, esr_el2); return; diff --git a/src/arch/aarch64/hypervisor/perfmon.c b/src/arch/aarch64/hypervisor/perfmon.c -index f13b035..05e216c 100644 +index f13b0354..05e216c8 100644 --- a/src/arch/aarch64/hypervisor/perfmon.c +++ b/src/arch/aarch64/hypervisor/perfmon.c @@ -116,6 +116,10 @@ @@ -131,7 +131,7 @@ index f13b035..05e216c 100644 + return true; +} diff --git a/src/arch/aarch64/hypervisor/perfmon.h b/src/arch/aarch64/hypervisor/perfmon.h -index 81669ba..c90d45b 100644 +index 81669ba1..c90d45bf 100644 --- a/src/arch/aarch64/hypervisor/perfmon.h +++ b/src/arch/aarch64/hypervisor/perfmon.h @@ -70,3 +70,8 @@ bool perfmon_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id, @@ -144,7 +144,7 @@ index 81669ba..c90d45b 100644 +bool intr_ctrl_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id, + uintreg_t esr); diff --git a/src/arch/aarch64/msr.h b/src/arch/aarch64/msr.h -index 55e7833..82aa884 100644 +index 55e78330..82aa8846 100644 --- a/src/arch/aarch64/msr.h +++ b/src/arch/aarch64/msr.h @@ -134,3 +134,6 @@ @@ -154,6 +154,4 @@ index 55e7833..82aa884 100644 + +#define ICC_IGRPEN1_EL1 S3_0_C12_C12_7 +#define ICC_SGI1R_EL1 S3_0_C12_C11_5 --- -2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch index 3139759e73..9960f65dcf 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch @@ -1,4 +1,4 @@ -From c235511a06a54bcccec97b3067c1004d3957b1d8 Mon Sep 17 00:00:00 2001 +From 1fef5bd2504ce3a203c56a3b66dba773cd4893c6 Mon Sep 17 00:00:00 2001 From: Davidson K <davidson.kumaresan@arm.com> Date: Thu, 8 Sep 2022 10:47:10 +0530 Subject: [PATCH] feat(vhe): enable vhe and disable branch protection for TC @@ -29,6 +29,3 @@ index 62ba763..f26ce03 100644 + enable_vhe = "1" } } --- -2.34.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-disable-alignment-check-for-EL0-partitions.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-disable-alignment-check-for-EL0-partitions.patch index d1e10d0ea0..5e620cf318 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-disable-alignment-check-for-EL0-partitions.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-disable-alignment-check-for-EL0-partitions.patch @@ -1,4 +1,4 @@ -From 1e24b45a8ff34af45dda45c57f8403452d384f99 Mon Sep 17 00:00:00 2001 +From 1c4d28493faed6cf189c75fa91d19131e6a34e04 Mon Sep 17 00:00:00 2001 From: Olivier Deprez <olivier.deprez@arm.com> Date: Mon, 8 Aug 2022 19:14:23 +0200 Subject: [PATCH] feat: disable alignment check for EL0 partitions @@ -40,7 +40,7 @@ Upstream-Status: Submitted [https://review.trustedfirmware.org/c/hafnium/hafnium 8 files changed, 59 insertions(+), 30 deletions(-) diff --git a/src/arch/aarch64/hypervisor/cpu.c b/src/arch/aarch64/hypervisor/cpu.c -index d2df77d..a000159 100644 +index d2df77d8..a000159b 100644 --- a/src/arch/aarch64/hypervisor/cpu.c +++ b/src/arch/aarch64/hypervisor/cpu.c @@ -115,7 +115,9 @@ void arch_regs_reset(struct vcpu *vcpu) @@ -69,7 +69,7 @@ index d2df77d..a000159 100644 r->lazy.vttbr_el2 = pa_addr(table) | ((uint64_t)vm_id << 48); #if SECURE_WORLD == 1 diff --git a/src/arch/aarch64/hypervisor/exceptions.S b/src/arch/aarch64/hypervisor/exceptions.S -index 539e196..d3732f8 100644 +index 539e196d..d3732f86 100644 --- a/src/arch/aarch64/hypervisor/exceptions.S +++ b/src/arch/aarch64/hypervisor/exceptions.S @@ -20,6 +20,9 @@ @@ -147,7 +147,7 @@ index 539e196..d3732f8 100644 ret #endif diff --git a/src/arch/aarch64/hypervisor/feature_id.c b/src/arch/aarch64/hypervisor/feature_id.c -index ed3bf8f..57f3262 100644 +index ed3bf8f1..57f32627 100644 --- a/src/arch/aarch64/hypervisor/feature_id.c +++ b/src/arch/aarch64/hypervisor/feature_id.c @@ -175,7 +175,7 @@ void feature_set_traps(struct vm *vm, struct arch_regs *regs) @@ -177,7 +177,7 @@ index ed3bf8f..57f3262 100644 vm->arch.tid3_masks.id_aa64isar1_el1 &= ~ID_AA64ISAR1_EL1_GPI; vm->arch.tid3_masks.id_aa64isar1_el1 &= ~ID_AA64ISAR1_EL1_GPA; diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c -index cd5146b..8a3d628 100644 +index cd5146bd..8a3d6289 100644 --- a/src/arch/aarch64/hypervisor/handler.c +++ b/src/arch/aarch64/hypervisor/handler.c @@ -272,9 +272,9 @@ noreturn void sync_current_exception_noreturn(uintreg_t elr, uintreg_t spsr) @@ -241,7 +241,7 @@ index cd5146b..8a3d628 100644 #if SECURE_WORLD == 1 diff --git a/src/arch/aarch64/inc/hf/arch/types.h b/src/arch/aarch64/inc/hf/arch/types.h -index 6379d73..6b8b24f 100644 +index 6379d73e..6b8b24f1 100644 --- a/src/arch/aarch64/inc/hf/arch/types.h +++ b/src/arch/aarch64/inc/hf/arch/types.h @@ -79,8 +79,13 @@ struct arch_regs { @@ -261,7 +261,7 @@ index 6379d73..6b8b24f 100644 /* * System registers. diff --git a/src/arch/aarch64/mm.c b/src/arch/aarch64/mm.c -index 8ee65ca..487ae35 100644 +index 8ee65ca0..487ae353 100644 --- a/src/arch/aarch64/mm.c +++ b/src/arch/aarch64/mm.c @@ -886,7 +886,7 @@ bool arch_mm_init(paddr_t table) @@ -274,7 +274,7 @@ index 8ee65ca..487ae35 100644 (0 << 30) | /* SA. */ (0 << 29) | /* SW. */ diff --git a/src/arch/aarch64/sysregs.c b/src/arch/aarch64/sysregs.c -index e8c154b..087ba4e 100644 +index e8c154b1..087ba4ed 100644 --- a/src/arch/aarch64/sysregs.c +++ b/src/arch/aarch64/sysregs.c @@ -159,7 +159,7 @@ uintreg_t get_cptr_el2_value(void) @@ -303,7 +303,7 @@ index e8c154b..087ba4e 100644 sctlr_el2_value |= SCTLR_EL2_SA; sctlr_el2_value |= SCTLR_EL2_I; diff --git a/src/arch/aarch64/sysregs.h b/src/arch/aarch64/sysregs.h -index babd237..6fdab58 100644 +index babd2375..6fdab58e 100644 --- a/src/arch/aarch64/sysregs.h +++ b/src/arch/aarch64/sysregs.h @@ -668,7 +668,7 @@ uintreg_t get_mdcr_el2_value(void); @@ -315,6 +315,4 @@ index babd237..6fdab58 100644 /** * Branch Target Identification mechanism support in AArch64 state. --- -2.34.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch index 1808295d4b..cfa7cfb73d 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch @@ -1,4 +1,4 @@ -From 02c8afc4f7315b4e12098ffeb8bd5e64e4891e78 Mon Sep 17 00:00:00 2001 +From 4b59905d2fec01cc17038b1c167b4e57e7835adf Mon Sep 17 00:00:00 2001 From: Davidson K <davidson.kumaresan@arm.com> Date: Thu, 7 Oct 2021 12:20:08 +0530 Subject: [PATCH] feat(vhe): set STAGE1_NS while mapping memory from NWd to SWd @@ -17,7 +17,7 @@ Upstream-Status: Pending [Not submitted to upstream yet] 1 file changed, 12 insertions(+) diff --git a/src/ffa_memory.c b/src/ffa_memory.c -index 048cca9..8910cc7 100644 +index 048cca9c..8910cc79 100644 --- a/src/ffa_memory.c +++ b/src/ffa_memory.c @@ -2483,6 +2483,18 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked, @@ -39,6 +39,3 @@ index 048cca9..8910cc7 100644 ret = ffa_retrieve_check_update( to_locked, memory_region->sender, share_state->fragments, share_state->fragment_constituent_counts, --- -2.34.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc index 6dd08ad0a4..433d56129e 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc @@ -9,15 +9,15 @@ PV = "2.7+git${SRCPV}" FILESEXTRAPATHS:prepend:tc := "${THISDIR}/files/tc:" -SRC_URI:remove = "file://0001-Fix-build-with-clang-15.patch" +SRC_URI:remove = "file://0003-Fix-build-with-clang-15.patch" SRC_URI:append = " \ file://0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch \ file://0002-feat-emulate-interrupt-controller-register-access.patch \ - file://0003-tc-increase-heap-pages.patch;patchdir=project/reference \ - file://0004-feat-disable-alignment-check-for-EL0-partitions.patch \ - file://0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch \ - file://0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch;patchdir=project/reference \ + file://0003-feat-disable-alignment-check-for-EL0-partitions.patch \ + file://0004-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch \ + file://0001-tc-increase-heap-pages.patch;patchdir=project/reference \ + file://0002-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch;patchdir=project/reference \ " do_compile() { diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch new file mode 100644 index 0000000000..7fae7b69b0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0007-corstone1000-adjust-PS-asset-configuration.patch @@ -0,0 +1,27 @@ +From 5be42e1c05205209fc3988f0df30a02da95c2448 Mon Sep 17 00:00:00 2001 +From: Rui Miguel Silva <rui.silva@linaro.org> +Date: Wed, 2 Nov 2022 00:12:35 +0000 +Subject: [PATCH] corstone1000: adjust PS asset configuration + +Adjust protected storage asset configuration to be more inline +with the one in trusted service side, that would make thinks +work when testing and using more than the default variables. + +Upstream-Status: Pending +Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +--- + platform/ext/target/arm/corstone1000/config.cmake | 1 ++ + 1 file changed, 1 insertions(+) + +diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake +index ab0fe17ba886..c2b4b646e6b0 100644 +--- a/platform/ext/target/arm/corstone1000/config.cmake ++++ b/platform/ext/target/arm/corstone1000/config.cmake +@@ -56,3 +56,4 @@ set(PS_ENCRYPTION OFF CACHE BOOL "Enable + set(PS_ROLLBACK_PROTECTION OFF CACHE BOOL "Enable rollback protection for Protected Storage partition") + + set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256 CACHE STRING "Size of output buffer in platform service.") ++set(PS_NUM_ASSETS "40" CACHE STRING "The maximum number of assets to be stored in the Protected Storage area") +-- +2.38.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc index 341a5942e0..58ad103262 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc @@ -34,6 +34,7 @@ SRC_URI:append:corstone1000 = " \ file://0004-Platform-Partition-Allow-configuration-of-input-and-.patch \ file://0005-corstone1000-support-for-UEFI-FMP-image-Information.patch \ file://0006-corstone1000-remove-two-partition-configuration.patch \ + file://0007-corstone1000-adjust-PS-asset-configuration.patch \ " do_install() { diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch new file mode 100644 index 0000000000..1cbdc9afe1 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/fvp-base/0001-arm64-dts-fvp-Enable-virtio-rng-support.patch @@ -0,0 +1,29 @@ +From b443c8efd563dc372c60e7ad9f52aeddf7c13706 Mon Sep 17 00:00:00 2001 +From: Anton Antonov <Anton.Antonov@arm.com> +Date: Mon, 7 Nov 2022 11:37:51 +0000 +Subject: [PATCH] arm64: dts: fvp: Enable virtio-rng support + +The virtio-rng is available from FVP_Base_RevC-2xAEMvA version 11.17. +Enable it since Yocto includes a recipe for a newer FVP version. + +Upstream-Status: Inappropriate [Yocto specific] +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +--- + arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi b/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi +index ec2d5280a30b..acafdcbf1063 100644 +--- a/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi ++++ b/arch/arm64/boot/dts/arm/rtsm_ve-motherboard-rs2.dtsi +@@ -26,7 +26,6 @@ virtio@200000 { + compatible = "virtio,mmio"; + reg = <0x200000 0x200>; + interrupts = <46>; +- status = "disabled"; + }; + }; + }; +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc index 99a40e7777..df9061079a 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc @@ -36,7 +36,6 @@ SRC_URI:append:corstone500 = " \ # Corstone1000 KMACHINE # FILESEXTRAPATHS:prepend:corstone1000 := "${ARMBSPFILESPATHS}" -FILESEXTRAPATHS:prepend:corstone1000 := "${ARMFILESPATHS}" COMPATIBLE_MACHINE:corstone1000 = "${MACHINE}" KCONFIG_MODE:corstone1000 = "--alldefconfig" KMACHINE:corstone1000 = "corstone1000" @@ -70,6 +69,7 @@ KERNEL_FEATURES:corstone1000 = "" COMPATIBLE_MACHINE:fvp-base = "fvp-base" KMACHINE:fvp-base = "fvp" FILESEXTRAPATHS:prepend:fvp-base := "${ARMBSPFILESPATHS}" +SRC_URI:append:fvp-base = " file://0001-arm64-dts-fvp-Enable-virtio-rng-support.patch" # # FVP BASE ARM32 KMACHINE @@ -115,7 +115,6 @@ COMPATIBLE_MACHINE:n1sdp = "n1sdp" KBUILD_DEFCONFIG:n1sdp = "defconfig" KCONFIG_MODE:n1sdp = "--alldefconfig" FILESEXTRAPATHS:prepend:n1sdp := "${ARMBSPFILESPATHS}" -FILESEXTRAPATHS:prepend:n1sdp := "${ARMFILESPATHS}" SRC_URI:append:n1sdp = " \ file://0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch \ file://0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch \ diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch index 801905d97a..c44885cf04 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch @@ -1,7 +1,7 @@ -From 7c9589c4bb056db5e1696f2a777891ab235b1b63 Mon Sep 17 00:00:00 2001 +From 13de79cd4f0d25b812e5f4ad4a19bc075496be83 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 16:36:51 +0000 -Subject: [PATCH 01/19] Add openamp to SE proxy deployment +Subject: [PATCH 01/20] Add openamp to SE proxy deployment Openamp is required to communicate between secure partitions(running on Cortex-A) and trusted-firmware-m(running on Cortex-M). @@ -283,5 +283,5 @@ index 000000000000..449f35f4fda4 +set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}") +set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include") -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch index 39edc9d1e3..0371a7a418 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch @@ -1,7 +1,7 @@ -From e4ccb92f8de94a82edd3548d62c853790ae36bd1 Mon Sep 17 00:00:00 2001 +From 28aedac78016e5063ebd675a43e6c3655f87b442 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 18:00:46 +0000 -Subject: [PATCH 02/19] Implement mhu driver and the OpenAmp conversion layer. +Subject: [PATCH 02/20] Implement mhu driver and the OpenAmp conversion layer. This commit adds an mhu driver (v2.1 and v2) to the secure partition se_proxy and a conversion layer to communicate with @@ -1087,5 +1087,5 @@ index 000000000000..bb778bb9719b +# include MHU driver +include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch index bf52a2382b..5686face15 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch @@ -1,7 +1,7 @@ -From e187510a814b48b7b2e477a9913ee35b68522d06 Mon Sep 17 00:00:00 2001 +From 55394c4c9681af71b1ed7f7ebc7c44b2e1737113 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:00:54 +0000 -Subject: [PATCH 03/19] Add openamp rpc caller +Subject: [PATCH 03/20] Add openamp rpc caller Upstream-Status: Pending Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> @@ -1192,5 +1192,5 @@ index d39873a0fe81..34fe5ff1b925 100644 # Stub service provider backends "components/rpc/dummy" -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch index 3246224560..84d418c131 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch @@ -1,7 +1,7 @@ -From 8c1bc5a7ae525d64802e2a06746f698f54cf07ca Mon Sep 17 00:00:00 2001 +From fb6d2f33e26c7b6ef88d552feca1f835da3f0df6 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:05:18 +0000 -Subject: [PATCH 04/19] add psa client definitions for ff-m +Subject: [PATCH 04/20] add psa client definitions for ff-m Add PSA client definitions in common include to add future ff-m support. @@ -294,5 +294,5 @@ index 000000000000..aaa973c6e987 + +#endif /* __PSA_MANIFEST_SID_H__ */ -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch index e179fb035a..df3cb2f4c2 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch @@ -1,7 +1,7 @@ -From e9778f726ed582360152f150301995b10d268aae Mon Sep 17 00:00:00 2001 +From 0311fc8f131fe7a2b0f4dd9988c610fda47394aa Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:13:03 +0000 -Subject: [PATCH 05/19] Add common service component to ipc support +Subject: [PATCH 05/20] Add common service component to ipc support Add support for inter processor communication for PSA including, the openamp client side structures lib. @@ -291,5 +291,5 @@ index 34fe5ff1b925..dd0c5d00c21e 100644 "components/service/discovery/provider" "components/service/discovery/provider/serializer/packed-c" -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch index cac43ec4bc..74a83777df 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch @@ -1,7 +1,7 @@ -From 0df82487a7a253c601ca20ca1bd64fbb9ed64230 Mon Sep 17 00:00:00 2001 +From ed4371d63cb52c121be9678bc225055944286c30 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:19:24 +0000 -Subject: [PATCH 06/19] Add secure storage ipc backend +Subject: [PATCH 06/20] Add secure storage ipc backend Add secure storage ipc ff-m implementation which may use openamp as rpc to communicate with other processor. @@ -519,5 +519,5 @@ index dd0c5d00c21e..cd51460406ca 100644 "components/service/attestation/provider" "components/service/attestation/provider/serializer/packed-c" -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch index 192e9768bd..ad33295d41 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch @@ -1,7 +1,7 @@ -From 9c7f1e6a5eb9ab887e568cfa3c2003583d387bc9 Mon Sep 17 00:00:00 2001 +From d1377a5ed909e3a1d9caca56aeda262a80322a4b Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 3 Dec 2021 19:25:34 +0000 -Subject: [PATCH 07/19] Use secure storage ipc and openamp for se_proxy +Subject: [PATCH 07/20] Use secure storage ipc and openamp for se_proxy Remove mock up backend for secure storage in se proxy deployment and use instead the secure storage ipc backend with @@ -59,5 +59,5 @@ index acfb6e8873fa..57290056d614 100644 return secure_storage_provider_init(&ps_provider, backend); } -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch index ce7aacf3cd..ab57688276 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch @@ -1,7 +1,7 @@ -From d9169d380366afc63af5d4bf02791aeb41f47897 Mon Sep 17 00:00:00 2001 +From 1b50ab6b6ff1c6f27ab320e18fb0d4aeb1122f0d Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 12 Dec 2021 10:43:48 +0000 -Subject: [PATCH 08/19] Run psa-arch-test +Subject: [PATCH 08/20] Run psa-arch-test Fixes needed to run psa-arch-test @@ -68,5 +68,5 @@ index 4f6ba2a7d822..1fd6b40dc803 100644 }; -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch index ca0c9d9575..3295fa9bd9 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch @@ -1,7 +1,7 @@ -From ee767c1ae857cfcc8b4bb520b2558091e253cf94 Mon Sep 17 00:00:00 2001 +From a6fba503ffddae004e23b32559212e749e8586f6 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 12 Dec 2021 10:57:17 +0000 -Subject: [PATCH 09/19] Use address instead of pointers +Subject: [PATCH 09/20] Use address instead of pointers Since secure enclave is 32bit and we 64bit there is an issue in the protocol communication design that force us to handle @@ -164,5 +164,5 @@ index a1f369db253e..bda442a61d5c 100644 (void)client_id; -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch index d47b0decf5..2d0725cb24 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch @@ -1,7 +1,7 @@ -From afdeb8e098a1f2822adf2ea83ded8dd9e2d021ba Mon Sep 17 00:00:00 2001 +From b142f3c162fb1c28982d26b5ac2181ba79197a28 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Tue, 7 Dec 2021 11:50:00 +0000 -Subject: [PATCH 10/19] Add psa ipc attestation to se proxy +Subject: [PATCH 10/20] Add psa ipc attestation to se proxy Implement attestation client API as psa ipc and include it to se proxy deployment. @@ -16,12 +16,15 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> .../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++ components/service/common/include/psa/sid.h | 4 + .../se-proxy/common/service_proxy_factory.c | 6 ++ - deployments/se-proxy/se-proxy.cmake | 3 +- - 7 files changed, 169 insertions(+), 1 deletion(-) + deployments/se-proxy/se-proxy.cmake | 7 +- + ...ble-using-hard-coded-attestation-key.patch | 29 ------- + external/psa_arch_tests/psa_arch_tests.cmake | 4 - + 9 files changed, 171 insertions(+), 36 deletions(-) create mode 100644 components/service/attestation/client/psa_ipc/component.cmake create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c + delete mode 100644 external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake new file mode 100644 @@ -243,10 +246,10 @@ index 57290056d614..4b8cceccbe4d 100644 attest_provider_register_serializer(&attest_provider, TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance()); diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index cd51460406ca..38d26821d44d 100644 +index cd51460406ca..3dbbc36c968d 100644 --- a/deployments/se-proxy/se-proxy.cmake +++ b/deployments/se-proxy/se-proxy.cmake -@@ -49,12 +49,13 @@ add_components(TARGET "se-proxy" +@@ -49,14 +49,15 @@ add_components(TARGET "se-proxy" "components/service/attestation/include" "components/service/attestation/provider" "components/service/attestation/provider/serializer/packed-c" @@ -258,9 +261,63 @@ index cd51460406ca..38d26821d44d 100644 "components/rpc/dummy" "components/rpc/common/caller" - "components/service/attestation/reporter/stub" - "components/service/attestation/key_mngr/stub" - "components/service/crypto/backend/stub" +- "components/service/attestation/key_mngr/stub" +- "components/service/crypto/backend/stub" ++ "components/service/attestation/key_mngr/local" ++ "components/service/crypto/backend/psa_ipc" "components/service/crypto/client/psa" + "components/service/secure_storage/backend/mock_store" + ) +diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch +deleted file mode 100644 +index 6664961ab662..000000000000 +--- a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch ++++ /dev/null +@@ -1,29 +0,0 @@ +-From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001 +-From: Gyorgy Szing <Gyorgy.Szing@arm.com> +-Date: Tue, 8 Feb 2022 17:06:37 +0000 +-Subject: [PATCH 1/1] Disable using hard-coded attestation key +- +-Modify platform config to disable using a hard-coded attestation +-key. +- +-Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> +---- +- api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +- +- 1 file changed, 1 insertion(+), 1 deletion(-) +- +-diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h +-index 6112ba7..1cdf581 100755 +---- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h +-+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h +-@@ -60,7 +60,7 @@ typedef uint32_t cfg_id_t; +- #define CRYPTO_VERSION_BETA3 +- +- /* Use hardcoded public key */ +--#define PLATFORM_OVERRIDE_ATTEST_PK +-+//#define PLATFORM_OVERRIDE_ATTEST_PK +- +- /* +- * Include of PSA defined Header files +--- +-2.17.1 +- +diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake +index a8b77a1fc05e..1995df3e0b49 100644 +--- a/external/psa_arch_tests/psa_arch_tests.cmake ++++ b/external/psa_arch_tests/psa_arch_tests.cmake +@@ -15,10 +15,6 @@ set(GIT_OPTIONS + GIT_REPOSITORY ${PSA_ARCH_TESTS_URL} + GIT_TAG ${PSA_ARCH_TESTS_REFSPEC} + GIT_SHALLOW FALSE +- PATCH_COMMAND git stash +- COMMAND git tag -f ts-before-am +- COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch +- COMMAND git reset ts-before-am + ) + + # Ensure list of defines is separated correctly -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch index 988fbbecdd..5803cc17dc 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch @@ -1,7 +1,7 @@ -From 94770f9660154bb1157e19c11fb706889a81ae73 Mon Sep 17 00:00:00 2001 +From 4240977f7c38950f5edb316bb08ae05cb7b99875 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Thu, 9 Dec 2021 14:11:06 +0000 -Subject: [PATCH 11/19] Setup its backend as openamp rpc using secure storage +Subject: [PATCH 11/20] Setup its backend as openamp rpc using secure storage ipc implementation. Upstream-Status: Pending @@ -159,5 +159,5 @@ index 4b8cceccbe4d..1110ac46bf8b 100644 + return secure_storage_provider_init(&its_provider, backend); } -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch index fdc39b0d3c..67ea7b8c56 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch @@ -1,7 +1,7 @@ -From 896b5009bb07c4b53541290e1712856063411107 Mon Sep 17 00:00:00 2001 +From 0b5d96b1a9f927dc141047600edf2249af7022c5 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Thu, 9 Dec 2021 14:17:39 +0000 -Subject: [PATCH 12/19] add psa ipc crypto backend +Subject: [PATCH 12/20] add psa ipc crypto backend Add psa ipc crypto backend and attach it to se proxy deployment. @@ -36,9 +36,8 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> .../crypto/include/psa/crypto_client_struct.h | 8 +- .../service/crypto/include/psa/crypto_sizes.h | 2 +- .../se-proxy/common/service_proxy_factory.c | 15 +- - deployments/se-proxy/se-proxy.cmake | 2 +- .../providers/arm/corstone1000/platform.cmake | 2 + - 29 files changed, 2293 insertions(+), 11 deletions(-) + 28 files changed, 2292 insertions(+), 10 deletions(-) create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h @@ -2556,19 +2555,6 @@ index 1110ac46bf8b..7edeef8b434a 100644 return crypto_iface; } -diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index 38d26821d44d..f647190d9559 100644 ---- a/deployments/se-proxy/se-proxy.cmake -+++ b/deployments/se-proxy/se-proxy.cmake -@@ -57,7 +57,7 @@ add_components(TARGET "se-proxy" - "components/rpc/dummy" - "components/rpc/common/caller" - "components/service/attestation/key_mngr/stub" -- "components/service/crypto/backend/stub" -+ "components/service/crypto/backend/psa_ipc" - "components/service/crypto/client/psa" - "components/service/secure_storage/backend/mock_store" - ) diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake index bb778bb9719b..51e5faa3e4d8 100644 --- a/platform/providers/arm/corstone1000/platform.cmake @@ -2580,5 +2566,5 @@ index bb778bb9719b..51e5faa3e4d8 100644 + +add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch index 1a6e8f50f1..0040e12727 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch @@ -1,7 +1,7 @@ -From 6b8ebdeb8caa6326ae2a4befaf4410a7a54d4e02 Mon Sep 17 00:00:00 2001 +From 050be6fdfee656b0556766cc1db30f4c0ea87c79 Mon Sep 17 00:00:00 2001 From: Julian Hall <julian.hall@arm.com> Date: Tue, 12 Oct 2021 15:45:41 +0100 -Subject: [PATCH 13/19] Add stub capsule update service components +Subject: [PATCH 13/20] Add stub capsule update service components To facilitate development of a capsule update service provider, stub components are added to provide a starting point for an @@ -338,7 +338,7 @@ index 298d407a2371..02aa7fe2550d 100644 #ifdef __cplusplus } diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake -index f647190d9559..e35b0d0f610d 100644 +index 3dbbc36c968d..f0db2d43f443 100644 --- a/deployments/se-proxy/se-proxy.cmake +++ b/deployments/se-proxy/se-proxy.cmake @@ -51,6 +51,7 @@ add_components(TARGET "se-proxy" @@ -432,5 +432,5 @@ index 000000000000..285d924186be + +#endif /* CAPSULE_UPDATE_PARAMETERS_H */ -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch index 52c793cc12..22b1da6906 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch @@ -1,7 +1,7 @@ -From a71b26f867f1b4a08285d6da82528de6a54321f2 Mon Sep 17 00:00:00 2001 +From 229ec29154a4404426ad3083af68ca111a214e13 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> Date: Thu, 16 Dec 2021 21:31:40 +0000 -Subject: [PATCH 14/19] Configure storage size +Subject: [PATCH 14/20] Configure storage size Upstream-Status: Pending Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> @@ -10,7 +10,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 715ccc3cb546..aeb8a22062b7 100644 +index 611e2e225c6b..6c3b9ed81c25 100644 --- a/components/service/smm_variable/backend/uefi_variable_store.c +++ b/components/service/smm_variable/backend/uefi_variable_store.c @@ -88,6 +88,7 @@ static efi_status_t check_name_terminator( @@ -38,5 +38,5 @@ index 715ccc3cb546..aeb8a22062b7 100644 context->owner_id = owner_id; -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch index a8f5559d10..426f2ca5c4 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch @@ -1,7 +1,7 @@ -From 3cc9c417f12f005244530d8d706a6b7f3be35627 Mon Sep 17 00:00:00 2001 +From cf83184500703f9b4f2ac04be59cc7d624d8fd66 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 13 Feb 2022 09:01:10 +0000 -Subject: [PATCH 15/19] Fix: Crypto interface structure aligned with tf-m +Subject: [PATCH 15/20] Fix: Crypto interface structure aligned with tf-m change. NO NEED TO RAISE PR: The PR for this FIX is raied by Emek. @@ -27,5 +27,5 @@ index c13c20e84131..ec25eaf868c7 100644 * AEAD until the API is * restructured -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch index a0911970e6..a59d140023 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch @@ -1,7 +1,7 @@ -From c54afe45c1be25c4819b0f762cf03a24e6343ce5 Mon Sep 17 00:00:00 2001 +From 551d8722769fa2f2d2ac74adcb289333a9b03598 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Sun, 13 Feb 2022 09:49:51 +0000 -Subject: [PATCH 16/19] Integrate remaining psa-ipc client APIs. +Subject: [PATCH 16/20] Integrate remaining psa-ipc client APIs. Upstream-Status: Pending Signed-off-by: Satish Kumar <satish.kumar01@arm.com> @@ -490,5 +490,5 @@ index e16f6e5450af..cc9279ee79f2 100644 } #endif -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch index e7c1dc33f8..4adcd90a5f 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch @@ -1,7 +1,7 @@ -From b1ff44c650ae82f364a2f74059eeb280996dc4f8 Mon Sep 17 00:00:00 2001 +From 5a5e162e17c9decb04b3b2905a0fb604e8f06e91 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 17:52:00 +0000 -Subject: [PATCH 17/19] Fix : update psa_set_key_usage_flags definition to the +Subject: [PATCH 17/20] Fix : update psa_set_key_usage_flags definition to the latest from the tf-m Upstream-Status: Pending @@ -36,5 +36,5 @@ index 1bc55e375eea..b4a7ed4b39d3 100644 } -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch index 9ab1157ead..c1598a9e11 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch @@ -1,11 +1,10 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - -From a1da63a8c4d55d52321608a72129af49e0a498b2 Mon Sep 17 00:00:00 2001 +From 1a4d46fdc0b5745b9cfb0789e4b778111bd6dbbb Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Mon, 14 Feb 2022 08:22:25 +0000 -Subject: [PATCH 18/19] Fixes in AEAD for psa-arch test 54 and 58. +Subject: [PATCH 18/20] Fixes in AEAD for psa-arch test 54 and 58. +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> --- @@ -118,5 +117,5 @@ index 0be266b52403..435fd3b523ce 100644 /* Variable length input parameter tags */ -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch index 984e2977d2..02c89d895e 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch @@ -1,7 +1,7 @@ -From 07ad7e1f7ba06045bf331d5b73a6adf38a098fb7 Mon Sep 17 00:00:00 2001 +From c519bae79629bfe551d79cfeb4e7d8a059545145 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Tue, 11 Oct 2022 10:46:10 +0100 -Subject: [PATCH 19/19] plat: corstone1000: change default smm values +Subject: [PATCH 19/20] plat: corstone1000: change default smm values Smm gateway uses SE proxy to route the calls for any NV storage so set the NV_STORE_SN. @@ -33,5 +33,5 @@ index 51e5faa3e4d8..04b629a81906 100644 + SMM_GATEWAY_MAX_UEFI_VARIABLES=100 +) -- -2.38.0 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch index 79429c7747..ce40df0fd8 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch @@ -1,7 +1,7 @@ -From 6430bf31a25a1ef67e9141f85dbd070feb0d1a1e Mon Sep 17 00:00:00 2001 +From 70cf374fb55f2d62ecbe28049253df33b42b6749 Mon Sep 17 00:00:00 2001 From: Satish Kumar <satish.kumar01@arm.com> Date: Fri, 8 Jul 2022 09:48:06 +0100 -Subject: [PATCH] FMP Support in Corstone1000. +Subject: [PATCH 20/20] FMP Support in Corstone1000. The FMP support is used by u-boot to pupolate ESRT information for the kernel. @@ -11,6 +11,7 @@ The solution is platform specific and needs to be revisted. Signed-off-by: Satish Kumar <satish.kumar01@arm.com> Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted] +Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> --- .../provider/capsule_update_provider.c | 5 + .../capsule_update/provider/component.cmake | 1 + @@ -21,7 +22,7 @@ Upstream-Status: Inappropriate [The solution is platform specific and needs to b create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c -index 9bbd7abc..871d6bcf 100644 +index e133753f8560..991a2235cd73 100644 --- a/components/service/capsule_update/provider/capsule_update_provider.c +++ b/components/service/capsule_update/provider/capsule_update_provider.c @@ -11,6 +11,7 @@ @@ -58,7 +59,7 @@ index 9bbd7abc..871d6bcf 100644 default: EMSG("%s unsupported opcode", __func__); diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake -index 1d412eb2..6b060149 100644 +index 1d412eb234d9..6b0601494938 100644 --- a/components/service/capsule_update/provider/component.cmake +++ b/components/service/capsule_update/provider/component.cmake @@ -10,4 +10,5 @@ endif() @@ -69,7 +70,7 @@ index 1d412eb2..6b060149 100644 ) diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c new file mode 100644 -index 00000000..6a7a47a7 +index 000000000000..6a7a47a7ed99 --- /dev/null +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c @@ -0,0 +1,307 @@ @@ -382,7 +383,7 @@ index 00000000..6a7a47a7 +} diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h new file mode 100644 -index 00000000..95fba2a0 +index 000000000000..95fba2a04d5c --- /dev/null +++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h @@ -0,0 +1,26 @@ @@ -413,5 +414,5 @@ index 00000000..95fba2a0 + +#endif /* CORSTONE1000_FMP_SERVICE_H */ -- -2.17.1 +2.38.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch new file mode 100644 index 0000000000..87c053fcc6 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch @@ -0,0 +1,35 @@ +From 6d3cac6f3a6e977e9330c9c06514a372ade170a2 Mon Sep 17 00:00:00 2001 +From: Emekcan <emekcan.aras@arm.com> +Date: Wed, 2 Nov 2022 09:58:27 +0000 +Subject: [PATCH] smm_gateway: add checks for null attributes + +As par EDK-2 and EDK-2 test code, setVariable() with 0 +attributes means a delete variable request. Currently, +smm gatway doesn't handle this scenario. This commit adds +that support. + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +--- + components/service/smm_variable/backend/uefi_variable_store.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c +index 6c3b9ed8..a691dc5d 100644 +--- a/components/service/smm_variable/backend/uefi_variable_store.c ++++ b/components/service/smm_variable/backend/uefi_variable_store.c +@@ -202,9 +202,9 @@ efi_status_t uefi_variable_store_set_variable( + if (info->is_variable_set) { + + /* It's a request to update to an existing variable */ +- if (!(var->Attributes & ++ if (!(var->Attributes) || (!(var->Attributes & + (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) && +- !var->DataSize) { ++ !var->DataSize)) { + + /* It's a remove operation - for a remove, the variable + * data must be removed from the storage backend before +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch new file mode 100644 index 0000000000..ed4e6e27a3 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch @@ -0,0 +1,33 @@ +From 2aa665ad2cb13bc79b645db41686449a47593aab Mon Sep 17 00:00:00 2001 +From: Emekcan <emekcan.aras@arm.com> +Date: Thu, 3 Nov 2022 17:43:40 +0000 +Subject: [PATCH] smm_gateway: GetNextVariableName Fix + +GetNextVariableName() should return EFI_BUFFER_TOO_SMALL +when NameSize is smaller than the actual NameSize. It +currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting +max_name_len incorrectly. This fixes max_name_len error by +replacing it with actual NameSize request by u-boot. + +Upstream-Status: Pending +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +--- + .../service/smm_variable/provider/smm_variable_provider.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c +index a9679b7e..6a4b6fa7 100644 +--- a/components/service/smm_variable/provider/smm_variable_provider.c ++++ b/components/service/smm_variable/provider/smm_variable_provider.c +@@ -197,7 +197,7 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct call_re + efi_status = uefi_variable_store_get_next_variable_name( + &this_instance->variable_store, + (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data, +- max_name_len, ++ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize, + &resp_buf->data_len); + } + else { +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0001-corstone1000-port-crypto-config.patch index c7289562bd..c7289562bd 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/psa-apitest/0001-corstone1000-port-crypto-config.patch diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend new file mode 100644 index 0000000000..a885d38797 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_git.bbappend @@ -0,0 +1,10 @@ +MACHINE_TS_REQUIRE ?= "" +MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" + +require ${MACHINE_TS_REQUIRE} + + +EXTRA_OECMAKE:append:corstone1000 = "-DMM_COMM_BUFFER_ADDRESS=0x02000000 \ + -DMM_COMM_BUFFER_PAGE_COUNT=1 \ + " + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index 03f7dff2ef..e97fb5937a 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -1,29 +1,26 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" -SRC_URI:append = " \ - file://0001-Add-openamp-to-SE-proxy-deployment.patch \ - file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch \ - file://0003-Add-openamp-rpc-caller.patch \ - file://0004-add-psa-client-definitions-for-ff-m.patch \ - file://0005-Add-common-service-component-to-ipc-support.patch \ - file://0006-Add-secure-storage-ipc-backend.patch \ - file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch \ - file://0008-Run-psa-arch-test.patch \ - file://0009-Use-address-instead-of-pointers.patch \ - file://0010-Add-psa-ipc-attestation-to-se-proxy.patch \ - file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch \ - file://0012-add-psa-ipc-crypto-backend.patch \ - file://0013-Add-stub-capsule-update-service-components.patch \ - file://0014-Configure-storage-size.patch \ - file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch \ - file://0016-Integrate-remaining-psa-ipc-client-APIs.patch \ - file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \ - file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \ - file://0019-plat-corstone1000-change-default-smm-values.patch \ - file://0020-FMP-Support-in-Corstone1000.patch \ - " - - -EXTRA_OECMAKE:append = "-DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ - -DMM_COMM_BUFFER_PAGE_COUNT="1" \ +SRC_URI:append:corstone1000 = " \ + file://0001-Add-openamp-to-SE-proxy-deployment.patch;patchdir=../trusted-services \ + file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch;patchdir=../trusted-services \ + file://0003-Add-openamp-rpc-caller.patch;patchdir=../trusted-services \ + file://0004-add-psa-client-definitions-for-ff-m.patch;patchdir=../trusted-services \ + file://0005-Add-common-service-component-to-ipc-support.patch;patchdir=../trusted-services \ + file://0006-Add-secure-storage-ipc-backend.patch;patchdir=../trusted-services \ + file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch;patchdir=../trusted-services \ + file://0008-Run-psa-arch-test.patch;patchdir=../trusted-services \ + file://0009-Use-address-instead-of-pointers.patch;patchdir=../trusted-services \ + file://0010-Add-psa-ipc-attestation-to-se-proxy.patch;patchdir=../trusted-services \ + file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch;patchdir=../trusted-services;patchdir=../trusted-services \ + file://0012-add-psa-ipc-crypto-backend.patch;patchdir=../trusted-services \ + file://0013-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \ + file://0014-Configure-storage-size.patch;patchdir=../trusted-services \ + file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch;patchdir=../trusted-services;patchdir=../trusted-services \ + file://0016-Integrate-remaining-psa-ipc-client-APIs.patch;patchdir=../trusted-services \ + file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch;patchdir=../trusted-services;patchdir=../trusted-services \ + file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ + file://0019-plat-corstone1000-change-default-smm-values.patch;patchdir=../trusted-services \ + file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \ + file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \ + file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \ " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc new file mode 100644 index 0000000000..50ff960df5 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-api-test.inc @@ -0,0 +1,7 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/psa-apitest:" + +include ts-corstone1000.inc + +SRC_URI:append:corstone1000 = " \ + file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \ + " diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend index 6595c92a28..ea49213e89 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend @@ -1,7 +1 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" -FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/${PN}:" - -SRC_URI:append:corstone1000 = " \ - file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \ - file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \ - " +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend new file mode 100644 index 0000000000..ea49213e89 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_git.bbappend @@ -0,0 +1 @@ +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend new file mode 100644 index 0000000000..ea49213e89 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_git.bbappend @@ -0,0 +1 @@ +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend new file mode 100644 index 0000000000..ea49213e89 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_git.bbappend @@ -0,0 +1 @@ +require ts-psa-api-test.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend index 8a37a28175..f39d2395f5 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend @@ -2,3 +2,8 @@ MACHINE_TS_REQUIRE ?= "" MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" require ${MACHINE_TS_REQUIRE} + +EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ + -DMM_COMM_BUFFER_PAGE_COUNT="1" \ + " + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend index 8a37a28175..f39d2395f5 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend @@ -2,3 +2,8 @@ MACHINE_TS_REQUIRE ?= "" MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" require ${MACHINE_TS_REQUIRE} + +EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ + -DMM_COMM_BUFFER_PAGE_COUNT="1" \ + " + |